IPv6 Firewall on CPEs - Default on or off

Martin Millnert martin at millnert.se
Wed Nov 28 14:31:14 CET 2012


On Wed, 2012-11-28 at 21:51 +0900, Lorenzo Colitti wrote:


> I think we all agree that if the ISP does not provide a CPE, then the
> ISP is not under responsibility to firewall.

s/firewall/allow inbound connections/

> Right? Because that's how it works in IPv4.


The future is private space, of course!

I really appreciate the good inputs in this thread. I'm currently in the
challenge of sketching up a new large residential network, and there's
a /22 IPv4 to do it.  And limitless IPv6.  All greenfield.  Quite
funny. :)

CPE firewall or not has bearing on this case, though I'm proponing CPE
being in bridged mode (there's SVLAN:CVLAN separation of users).

Greenfield has some benefits here.  There are 0 customers already in a
specific mode of operations (ie, no customers already behind

Asymmetry between IPv4 and IPv6 is given since IPv4 is out. It's
impossible to reconcile this to be "open/open".  But I seriously wonder
if a single user will care, or notice?
  Free.fr and others could really help with offering support desk
statistics on this: ie., does inbound open v6 cause cost? :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20121128/ac863583/attachment.bin 

More information about the ipv6-ops mailing list